Near field communication transactions

ABSTRACT

A method for transmitting data between a mobile communication device and a server. The method includes running a mobile application on the mobile communication device. The mobile application is hosted on the mobile communication device through the server as a Software as a Service (SaaS). The method further includes transmitting data associated with the mobile application between the mobile communication device and the server, in which transmission of the data between the mobile communication device and the server is monitored through the server.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of application Ser. No. 11/939,821,filed Nov. 14, 2007, titled METHOD AND SYSTEM FOR SECURING TRANSACTIONSMADE THROUGH A MOBILE COMMUNICATION DEVICE, all of which is incorporatedby reference herein in its entirety.

FIELD OF INVENTION

The present invention relates to data communications and wirelessdevices.

BACKGROUND OF THE INVENTION

Mobile communication devices—e.g., cellular phones, personal digitalassistants, and the like—are increasingly being used to conduct paymenttransactions as described in U.S. patent application Ser. No.11/933,351, entitled “Method and System For Scheduling A BankingTransaction Through A Mobile Communication Device”, and U.S. patentapplication Ser. No. 11/467,441, entitled “Method and Apparatus ForCompleting A Transaction Using A Wireless Mobile Communication Channeland Another Communication Channel, both of which are incorporated hereinby reference. Such payment transactions can include, for example,purchasing goods and/or services, bill payments, and transferring fundsbetween bank accounts. Given the sensitive nature of personal money orbanking data that may be stored on a mobile communication device as aresult of the ability to transact payments, it is critical to protect auser from fraudulent usage due to, e.g., loss or theft of a mobilecommunication device.

BRIEF SUMMARY OF THE INVENTION

In general, in one aspect, this specification describes a method fortransmitting data between a mobile communication device and a server.The method includes running a mobile application on the mobilecommunication device. The mobile application is hosted on the mobilecommunication device through a management server. The method furtherincludes transmitting data associated with the mobile applicationbetween the mobile communication device and the server, in whichtransmission of the data between the mobile communication device and themanagement server is monitored through the management server.

Implementations can include one or more of the following features.Transmitting data can include generating a session key that is onlyvalid for a given communication session between the mobile communicationdevice and the server. The method can further include disabling use ofthe mobile application running on the mobile communication devicethrough the management server by invalidating the session key. Themethod can further include timing out a given communication sessionbetween the mobile communication device and the management server aftera pre-determined amount of time to prevent theft of data that isaccessible through the mobile application. Transmitting data associatedwith the mobile application between the mobile communication device andthe management server can include prompting a user to enter a paymentlimit PIN in response to a pending purchase exceeding a pre-determinedamount. The payment limit PIN can be applied to all purchases globallyor on a per-payment basis. The method can include use of biometrics toauthenticate the user before authorizing the transaction. The mobileapplication can comprise a payment transaction application that permitsa user to perform one or more of the following services including billpayment, fund transfers, or purchases through the mobile communicationdevice. The mobile application can permit a user to subscribe to each ofthe services separately.

The details of one or more implementations are set forth in theaccompanying drawings and the description below. Other features andadvantages will be apparent from the description and drawings, and fromthe claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates one implementation of a block diagram of acommunication system including a wireless mobile communication device.

FIG. 2 illustrates one implementation of the wireless mobilecommunication device of FIG. 1.

FIG. 3 illustrates one implementation of a method for authenticating auser.

FIG. 4 illustrates one implementation of a method for remotely lockinguse of a mobile application on a mobile communication device.

Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 illustrates one implementation of a communication system 100. Thecommunication system 100 includes a hand-held, wireless mobilecommunication device 102 a point-of-sale device 104 and a remote server106. In one implementation, the mobile communication device 102 includesa mobile application (discussed in greater detail below) that permits auser of the mobile communication device 102 to conduct paymenttransactions. Payment transactions can include, for example, usingcontactless payment technology at a retail merchant point of sale (e.g.,through point of sale device 104), using mobile/internet commerce (e.g.,purchase tickets and products, etc.), storage of payment information andother digital artifacts (receipts, tickets, coupons, etc), storage ofbanking information (payment account numbers, security codes, PIN's,etc.), and accessing banking service (account balance, payment history,bill pay, fund transfer, etc.), and so on.

In one implementation, the mobile application running on the mobilecommunication device 102 implements one or more of the following toolsto secure data that may be stored and presented on the mobilecommunication device 102 as a result of a payment transaction. Themobile application can implemented one the mobile communication device102 through a management server which hosts and operates (eitherindependently or through a third-party) the application for use by itscustomers over the Internet, or other wireless network (e.g., a privatenetwork), or a wired network. In one implementation, customers do notpay for owning the software itself but rather for using the software. Inone implementation, the mobile application is accessible through an APIaccessible over the Web (or other network). The mobile application caninclude a multi-factored PIN-based login and authentication, and includesession keys and have command-level authentication. In oneimplementation, the mobile application running on the mobilecommunication device 102 can be remotely locked through a remote server(e.g., remote server 106). In one implementation, a PIN request can beimplemented to limit the amount of purchases that can be made. Further,security codes for different payment methods can be implemented toprotect a user. Each of these tools is discussed in greater detailbelow.

FIG. 2 illustrates one implementation of the mobile communication device102. The mobile communication device 102 includes a mobile application200 that (in one implementation) is provided to the mobile communicationdevice 102 through a remote server (e.g., remote server 106). In oneimplementation, the mobile application is a Mobile Wallet applicationavailable from Mobile Candy Dish, Inc., of Berkeley, Calif. Providingthe mobile application as a hosted service enables central monitoringand management of all security aspects of the service at the remoteserver. In addition, data (corresponding to a payment transaction) canbe stored on the remote server (e.g., remote server 106 (FIG. 1)) in asecure manner. In one implementation, the remote server is a managementserver that is can be maintained by Mobile Candy Dish or a trusted thirdparty, as described in U.S. patent application Ser. No. 11/933,351. Forexample, the data can be securely stored on the remote server usingconventional PCI guidelines. Hence, in the event the mobilecommunication device 102 is lost (or stolen), no confidential data canbe recovered as no data is stored on the mobile communication device102. In addition, an added benefit is that a user can recover seamlesslyby syncing new mobile communication device (via new installation of themobile application) with the service. Thus, in one implementation,sensitive information (e.g., banking account numbers, credit cardaccount numbers, expiry dates, and so on) are never stored on the mobilecommunication device. This reduces risk and exposure of the user'sprivate information and data.

Client Login and Authentication

In general, while effort is made to minimize storage of sensitive userinformation and data in a memory of a mobile communication device, inone implementation, some data is stored in the memory of a mobilecommunication device due to reasons of performance, usability and userexperience. For example, data may need to be stored on a mobilecommunication device in the following circumstances. Paymentcredentials, coupons, tickets, and so on may have to be stored on thesecure element of an NFC phone. Account balance, banking paymenthistory, etc., may be locally cached on a mobile communication device.In one implementation, a user can opt-in to save payment method securitycodes in the client (or mobile application) for convenience. Ticketsand/or coupons may be locally cached so that a user can redeem thetickets and/or coupons in an offline mode. For example, a mobilecommunication device may be offline in a situation in which networkconnectivity inside a building is degraded, and storing a ticket and/orcoupon in a local cache of the mobile communication device permits theuser to access the ticket or coupon.

In addition to data partitioning, in one implementation, users have anability to subscribe to different services. For example, User A maysubscribe to “Mobile Payments” and “Mobile Banking” services, while UserB may only subscribe to “Mobile Banking” and “What's Nearby” services.Hence, in one implementation, the mobile application includes amechanism to enable/disable different services on the Client based onparticular services to which users are subscribed. Table 1 belowillustrates example services that are enabled/disabled based on usersubscriptions.

TABLE 1 USER SERVICE SUBSCRIPTION STATUS User A Money Manager DisabledUser B Money Manager Transaction Only User C Money Manager Transaction,Payment User D Money Manager Transaction, Payment, BillPay, FundTransferThe above example control access to the Money Manager service and whatprivileges within the service a given user can perform. This will beused by the Client (mobile application) to enable/disable availablefeatures on the Client.

In one implementation, when a user subscribes to a mobile wallet theuser is assigned credentials that include a unique WalletID, SiteKey, auser-defined PIN, as well as tokens that specify access and privilegesfor the different services. FIG. 3 illustrates one implementation of amethod 300 for authenticating a user. User input is received (through amobile communication device) logging into the mobile application service(step 302). In one implementation, when a user attempts to login withthe client, the user is prompted to enter login credentials (e.g.,mobile phone number, 1-time activation code, Wallet PIN, etc.). Asession key is generated (step 304). In one implementation, the sessionkey is a unique server-generated session key that is valid only for theduration of a given session. In one implementation, the session key isused to ensure the server can identify the client and ensure that theclient has been previously authenticated. Upon a successful login, theserver will transfer credentials, service access and privileges (step306), which are locally cached on the mobile communication device. Theservice access and privileges control the behavior of the client. In oneimplementation, to prevent command spoofing, the session key is passedin every API server call. The server will validate (every time) thesession key is valid. If valid, the API server call is processed.Failure to validate the session key will cause a failure. In such acase, the client will flush the cached PIN and force the user tore-authenticate (or re-login).

Remote Lock

In one implementation, a mobile application running on a mobilecommunication device can be remotely locked (or disabled) byinvalidating a session key. Users, via calling a Customer Care, apersonal web portal, or some other mechanism, can implement changes(e.g., change PIN, etc.) that causes the server to invalidate thesession key. In real-time, the next attempt by the client to issue anAPI server call, validation of the session key will fail, which (in oneimplementation) causes the client to automatically flush the cached PINand session key, and force the user to re-authenticate. In addition, theclient can perform additional actions, in addition to flushing thecached PIN and session key. This includes, but is not limited to, one ormore of the following: changing the secure element mode to effectivetemporarily or permanently disable the secure element—i.e., a user canremotely alter the state of the smart chip to lock it remotely; anddeleting all cached data stored in the memory (or disk) of the mobilecommunication device.

Session Time Out

In one implementation, while a client is open, a user has access totransaction data. In such an implementation, users who may misplace amobile communication device while the client is open may expose the userto risk of information theft. Therefore, in one implementation, mobileapplication (or client) shuts down after a period of inactivity.Additional tasks that can be associated with the shutdown procedure caninclude, but is not limited to, temporarily shutting down a secureelement (of the mobile communication device) to prevent NFC payments,NFC coupon redemption, and NFC ticket redemption.

Payment Limit PIN

For payments (mobile commerce ticket purchase, etc.), in oneimplementation a user can prevent either fraudulent purchases oraccidental purchases by forcing a PIN prompt when a purchase amountexceed a user-specified value. In one implementation, a user can controlthis behavior globally (e.g., across all users' payment methods) or on aper-payment-method basis. Thus, when a user purchases ticket and selectsa payment method (to pay for purchase), if the transaction amountexceeds a specified payment method's limit, the client will trigger andprompt for the PIN. In order to proceed with purchase, the user has toenter the correct PIN. The user's input is validated against the cachedPIN on the client. The payment transaction will proceed if validated.Otherwise, an appropriate response is generated to the user.Effectively, this is a mechanism for the user (not the Merchant orIssuing Bank) to throttle/control the dollar amount that can beauthorized for various payments and transactions. In the event of acontactless purchase, the client controls the smart chip. In the eventof an electronic purchase (ticketing, etc.), a server can manages thecontrols.

Local Storage of Payment Security Codes

As a convenience to users, a user can opt-in and have only the securitycodes (CVV, etc.) associated to each of their payment methods locallystores on the client. In one implementation, management tools areprovided to add/delete/edit these security codes. In one implementation,the security codes are encrypted (Key Management of encryption keyperformed by a server) and then only stored in the client on the mobilecommunication device. In one implementation, security codes are notstored in any form on the server. The encryption key and security codescan be kept separately to prevent fraudulent usage.

Although the present invention has been particularly described withreference to implementations discussed above, various changes,modifications and substitutes are can be made. Accordingly, it will beappreciated that in numerous instances some features of the inventioncan be employed without a corresponding use of other features. Further,variations can be made in the number and arrangement of componentsillustrated in the figures discussed above.

1. A method for conducting a near field communication transaction usinga mobile device, the method comprising: detecting a near fieldcommunication inductive trigger from a near field communication terminalwhen the mobile device is in close proximity to the near fieldcommunication terminal, the near field communication terminal configuredfor near field communications, wherein the near field communicationinductive trigger is detected by a secure element coupled to the mobiledevice, the mobile device including a mobile device processor, a mobiledevice memory, and a mobile device radio transceiver configured for nearfield communications; executing a secure element application stored in asecure element memory in a secure element, wherein the secure elementapplication is executed by a secure element processor included in thesecure element in response to the near field communication inductivetrigger.
 2. The method of claim 1, further comprising determining that adata exchange between a mobile application running on the mobile deviceand a remote server has occurred, wherein the remote server permits auser associated with the mobile application running on the mobile deviceto conduct a near field communication contactless transaction as aresult of the data exchange.
 3. The method of claim 2, wherein the dataexchange includes exchanging an identification code.
 4. The method ofclaim 3, wherein the identification code is a personal identificationnumber (PIN).
 5. The method of claim 2, wherein the data exchangeincludes using a session key that is a shared key.
 6. The method ofclaim 1, wherein the secure element application is a paymentapplication.
 7. The method of claim 6, wherein the payment applicationis executable to permit the user to perform a transaction involvingstorage of a digital artifact, provide payment information, or providebanking information.
 8. The method of claim 1, wherein the secureelement application is a coupon application.
 9. The method of claim 1,wherein the secure element application is a ticketing application. 10.The method of claim 1, wherein the secure element application is anidentity application.
 11. The method of claim 1, wherein the secureelement is physically coupled to the mobile device but electricallydecoupled from electrical interior components of the mobile device. 12.The method of claim 1, wherein the secure element is physically coupledto the mobile device and wirelessly coupled to electrical interiorcomponents of the mobile device.
 13. The method of claim 1, wherein thesecure element is included within the body of a memory card configuredfor placement in a memory card slot in the mobile device.
 14. The methodof claim 1, wherein the secure element is embedded within the body ofthe mobile device.
 15. The mobile device of claim 1, wherein the NFCterminal is a mobile device coupled with a secure element and furtherwherein the secure element is configured for near field communications.16. The mobile device of claim 1, wherein the NFC terminal is a secureelement and further wherein the secure element includes a chipconfigured for unidirectional near field communication.
 17. A system forconducting a near field communication transaction using a mobile device,the system comprising: a secure element processor configured to conducta near field communication contactless transaction; a secure elementtransceiver configured to detect a near field communication inductivetrigger from a near field communication terminal when the mobile deviceis in close proximity to the near field communication terminal, the nearfield communication terminal configured for near field communications,wherein the secure element transceiver is included in a secure elementcoupled to the mobile device, the mobile device including a mobiledevice processor, a mobile device memory, and a mobile device radiotransceiver configured for near field communications; and a secureelement memory configured to maintain a secure element application,wherein the secure element application is executed in response to thenear field communication inductive trigger.
 18. The system of claim 17,wherein the data exchange includes exchanging an identification code.19. The system of claim 18, wherein the identification code is apersonal identification number (PIN).
 20. The system of claim 17,wherein the data exchange includes using a session key that is a sharedkey.
 21. The system of claim 17, wherein the secure element applicationis a payment application.
 22. The system of claim 21, wherein thepayment application is executable to permit a user to perform atransaction involving storage of a digital artifact, provide paymentinformation, or provide banking information.
 23. The mobile device ofclaim 17, wherein the NFC terminal is a mobile device coupled with asecure element and further wherein the secure element is configured fornear field communications.
 24. The mobile device of claim 17, whereinthe NFC terminal is a secure element and further wherein the secureelement includes a chip configured for unidirectional near fieldcommunication.
 25. An apparatus comprising: means for detecting a nearfield communication inductive trigger from a near field communicationterminal when the mobile device is in close proximity to the near fieldcommunication terminal, the near field communication terminal configuredfor near field communications, wherein the near field communicationinductive trigger is detected by a secure element coupled to the mobiledevice, the mobile device including a mobile device processor, a mobiledevice memory, and a mobile device radio transceiver configured for nearfield communications; and means for executing a secure elementapplication stored in a secure element memory in a secure element,wherein the secure element application is executed by a secure elementprocessor included in the secure element in response to the near fieldcommunication inductive trigger.